On a more selective Google
19 July 2024 | 5:03 am

Selectivity is long overdue. Marginalia, Stract, and Teclis feel like a breath of fresh air for broad short-tail queries because they downrank or skip pages full of ads, trackers, scripts, and even SEO. However, Google’s selectivity can’t penalise such criteria as that would conflict with its ad business.

Google has a bias against new sites. This makes sense, given their spam potential. I disagree with your argument that a bias against new sites is a pivot away from Experience, Expertise, authoritativeness, and trustworthiness (EEAT): it takes time for a website to become an authority and earn trust. If delayed indexing of new sites is wrong, then the problem lies with EEAT. I argue that EEAT is a good framework for an answer-focused engine, but a bad framework for a discovery- or surfing-focused engine like Marginalia or Wiby, respectively.

Caveats to Ungoogled Chromium recommendations
15 July 2024 | 4:05 am

In the wake of a certain ad-funded browser company bundling adtech into its browser yet again, some people have been recommending Ungoogled-Chromium (UGC). I think it’s fine to recommend UGC with caveats, such as the fact that it disables component updates that include:

  • Certificate revocation. Chromium uses downloaded CRLSets for revocation; it does not support OCSP.

  • Out of band security patches. When browser components have exploits in the wild, they need to be patched ASAP; updating billions of installations within time-frames measured in hours often means restartless out-of-band updates.

  • Out of band certificate bundle updates.

If you assume Google uses its component update server logs maliciously, you may wish to consider a fork that still offers component updates provided by a different party’s servers.

UGC disabled mDNS at one point. This exposed local IP addresses over WebRTC for years, but they seem to have shipped a fix in May 2023 to disable non-proxied UDP.

UGC also disables the Chrome Web Store in favor of installing extensions out of band. Make sure you regularly update your extensions installed out-of-band, since UGC won’t do it on its own. Some scripts and a special extension re-implement some of this functionality.

Overall, UGC is still safer than QtWebEngine despite making heavy compromises to security for privacy (though I can’t see how either benefited from disabling mDNS: I’m not aware of threat models under which revealing a local IP to every application is preferable to revealing it to just Google). Running UGC is fine if you understand these trade-offs and have accounted for them. I use it in headless mode to run accessibility and performance tests.

On valid XHTML5 again
23 June 2024 | 8:15 pm

Switching a site to XHTML5 is only a lot of work at first, because it may have latent bugs. For instance, you may have a stray tag that the HTML parser auto-closes but an XHTML parser won’t. I find this effort worthwhile because some of these bugs will eventually visibly manifest.

One thing I’ve noticed is that some tools are incompatible with an XHTML5 MIME type. Site auditors like Lighthouse are only provisionally compatible, and some browser extensions are rather buggy. You can compare them yourself on seirdy.one: switch the MIME type by appending /index.xhtml to a URL. You may have to disable the CSP sandbox by appending ?sandbox=off to the URL to get Lighthouse to work. I keep my site polygot and serve with the text/html MIME type by default for maximum compatibility.

More News from this Feed See Full Web Site